THE RESPONSIBLE AND SECURE USE OF YOUR DATA
Your privacy is of great importance to me and I am committed to complying with the terms of the General Data Protection Regulation (GDPR) regarding the responsible and secure use of your data.
The purpose of this statement is to let you know what personal information I collect and hold, why I collect this data, how long it is kept and your right with regards to this personal data. I am registered with the Information Commissioners Office (ICO).
What information do I collect?
As a psychotherapist, I collect personal data from you such as name, address, telephone number and/or email address, date of birth, GP or Referrer details. I may ask you to fill in psychological questionnaires. I also collect further sensitive data such as your family background, information about your presenting situation and your mental and physical health. I supplement these details on a session by session basis.
What do I use your information for?
- To provide you with psychotherapy services as requested
- To notify you about appointment changes
- To fulfil administrative, legal, ethical and contractual obligations
What information do I share?
I do not share any information about you with other organisations or people except in the following situations:
Consent: with your consent, I may share information with relevant professionals or others whom you have requested or agreed I need to contact
Serious Harm: I may share your information with relevant authorities if I have reason to believe this may prevent serious harm being caused to you or another person
Compliance with Law: I may share information when the law requires me to e.g. safeguarding, terrorism, drug trafficking and serious crime
Clinical Will: I have a ‘clinical will’ which means that in the event of my sudden death or serious accident/illness, you may contact a named colleague if you choose to. While the named colleague will not be given your personal information in advance, in the event of my death that colleague will be given access to all relevant data I hold, in order to keep it safe and ensure it is destroyed after seven years.
Supervision: While it is an ethical requirement for psychotherapists to have regular clinical supervision from an accredited member of their relevant accrediting body (UKCP, EMDR UK & Ireland), your name is withheld from the supervisor.
How do I keep your information safe?
- All information you provide to me is stored securely
- Paper forms and correspondence are kept in a locked filing cabinet. All electronic files are kept on a password protected device with virus protection software
- While I endeavour to keep my systems and communications protected again viruses and other harmful effects, I cannot bear responsibility for all communications being virus free
- Formal reports are password protected and/or they are sent through a secure encrypted service
- Process notes are separated from any identifiable personal information and kept securely in a locked filing cabinet
- Client notes and documentation are destroyed seven years after the end of your psychotherapy
- Any known data breaches will be reported to the ICO within 72 hours
- Any requests for personal data require your written consent
- If clients contact me by text or mobile phone, names and numbers are not stored
- My website, www.counsellingbradford.com is maintained by ContextCanada. No details are stored on their systems for any contact requests made through them
Under the GDPR you have the right to:
- Access your personal data to rectify, erase or restrict this, object to its processing and request the transfer of your data
- Withdraw your consent for me to hold and process your data. If you did this while actively receiving psychotherapy, this service would have to end. To withdraw your consent, please state this in writing at my postal address or email firstname.lastname@example.org or email@example.com
- If you have any concerns about how I handle your data please contact me at my postal address or by email firstname.lastname@example.org or email@example.com. If you feel your concern has not been resolved effectively you have the right to contact the ICO, Information Commissioners Office (www.ico.org.uk)
Changes to this policy:
This document may be modified from time to time.